Crypho / cordova-plugin-secure-storage

Secure storage plugin for Apache Cordova
MIT License
278 stars 269 forks

Where can I inspect the saved passwords on my iOS device? #156

Closed FarhadG closed 5 years ago

FarhadG commented 5 years ago

I understand that all data is being stored within the iOS Keychain; however, as I'm developing and running the application on my iPhone, I don't see the actual values stored in the keychain. I'm able to set and retrieve the data; however, when I go to Settings > Passwords & Accounts > Website & App Passwords, I don't see the data there. I'm assuming I'm looking in the wrong place?

ggozad commented 5 years ago

There isn't really a place where you can see the key/values. They won't be shown under Website & App Passwords. IIRC this is possible if you set up "Shared web credentials" but your mileage may vary.

FarhadG commented 5 years ago

Thanks for the quick response, @ggozad! I guess I'm curious about how to ensure others don't have access to these credentials. If I understand correctly, the only thing that distinguishes the secure storage access is the provided key to define its domain space. Given this key is set within the Cordova app (i.e. frontend), I'd imagine it would be pretty easy for anyone else to get access to this key and retrieve data from the local hardware?

Thank you, in advance, for your help!

ggozad commented 5 years ago

No, that is not the case. "key" here refers to key as in key-value. It is not a cryptographic key. The keys used in the keychain are generated on the phone and encrypted with crypto keys unique to the user. No other app can access the storage unless it is from the same developer and sharing of the keychain has been allowed for those apps.

For Android, it's a similar case, but I am not going to go into it here. Please refer to the code for more info.

FarhadG commented 5 years ago

Ah, I see! Thanks for that clarification, @ggozad. So, by key/value of the domain space, the following would be represented, more or less, by the following underlying dictionary:

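```js
// Create a storage instance scoped to the 'my_app' namespace (service name).
var ss = new cordova.plugins.SecureStorage(console.log, console.error, 'my_app');
// Store the value 'myvalue' under the entry name 'mykey'.
ss.set(console.log, console.error, 'mykey', 'myvalue');

/*
{
  'my_app': {
    'mykey': 'myvalue'
  }
}
*/
```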
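ggozad's point about who can read an entry, sketched as a toy model (an added example, not the plugin's code and not how iOS implements the keychain). It assumes items are filed under an access group taken from the calling app's signed entitlements before the 'my_app' namespace is consulted; `ModelKeychain`, the app objects and all team and bundle identifiers are hypothetical.

```javascript
// Toy model (constructed for illustration) of keychain scoping: items are
// filed under an access group, then the service (the plugin's namespace,
// e.g. 'my_app'), then the account (the entry name, e.g. 'mykey').
class ModelKeychain {
  constructor() {
    this.items = new Map(); // JSON [group, service, account] -> value
  }

  static slot(group, service, account) {
    return JSON.stringify([group, service, account]);
  }

  // `app.accessGroups` stands in for the app's keychain-access-groups
  // entitlement; the first entry is its default group. A caller cannot
  // write into a group that is not in its own list.
  set(app, service, account, value, group = app.accessGroups[0]) {
    if (!app.accessGroups.includes(group)) throw new Error('group not entitled');
    this.items.set(ModelKeychain.slot(group, service, account), value);
  }

  // Lookup searches only the caller's own groups, so knowing the service
  // and account strings is not enough to read another app's item.
  get(app, service, account) {
    for (const group of app.accessGroups) {
      const key = ModelKeychain.slot(group, service, account);
      if (this.items.has(key)) return this.items.get(key);
    }
    return undefined;
  }
}

// Constructed sample apps; team and bundle identifiers are placeholders.
const SHARED = 'TEAMAAAAAA.com.example.shared';
const myApp = { accessGroups: ['TEAMAAAAAA.com.example.myapp', SHARED] };
const siblingApp = { accessGroups: ['TEAMAAAAAA.com.example.sibling', SHARED] };
const otherVendorApp = { accessGroups: ['TEAMBBBBBB.com.example.other'] };

function demo() {
  const kc = new ModelKeychain();
  kc.set(myApp, 'my_app', 'mykey', 'myvalue');       // default (private) group
  kc.set(myApp, 'my_app', 'token', 's3', SHARED);    // explicitly shared group
  return {
    owner: kc.get(myApp, 'my_app', 'mykey'),
    otherVendor: kc.get(otherVendorApp, 'my_app', 'mykey'),
    siblingPrivate: kc.get(siblingApp, 'my_app', 'mykey'),
    siblingShared: kc.get(siblingApp, 'my_app', 'token'),
  };
}
```

In this model the namespace string behaves like a folder name inside the app's own compartment: the other vendor's app and the sibling app both pass 'my_app' and 'mykey' correctly and still get nothing, while the sibling can read only the item placed in the group both apps are entitled to.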